-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathExecCommon.qll
More file actions
20 lines (18 loc) · 980 Bytes
/
ExecCommon.qll
File metadata and controls
20 lines (18 loc) · 980 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.ExternalProcess
private class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration {
RemoteUserInputToArgumentToExecFlowConfig() { this = "ExecCommon::RemoteUserInputToArgumentToExecFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteUserInput }
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
override predicate isSanitizer(DataFlow::Node node) { node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType }
}
/**
* Implementation of `ExecTainted.ql`. It is extracted to a QLL
* so that it can be excluded from `ExecUnescaped.ql` to avoid
* reporting overlapping results.
*/
predicate execTainted(RemoteUserInput source, ArgumentToExec execArg) {
exists(RemoteUserInputToArgumentToExecFlowConfig conf |
conf.hasFlow(source, DataFlow::exprNode(execArg))
)
}